linux/drivers/staging
Sasha Levin b0e2796029 Staging: unisys: verify that a control channel exists
The code didn't verify that a control channel exists before trying to
use it. It caused NULL ptr derefs which were easy to trigger by an
unprivileged user simply by reading the proc file, causing:

[   68.161404] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   68.162442] IP: visorchannel_read (drivers/staging/unisys/visorchannel/visorchannel_funcs.c:225)
[   68.163165] PGD 5ca21067 PUD 5ca20067 PMD 0
[   68.163712] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[   68.164390] Dumping ftrace buffer:
[   68.164793]    (ftrace buffer empty)
[   68.165220] Modules linked in:
[   68.165601] CPU: 0 PID: 7915 Comm: cat Tainted: G        W     3.14.0-next-20140403-sasha-00012-gef5fa7d-dirty #373
[   68.166821] task: ffff88006e8c3000 ti: ffff88005ca30000 task.ti: ffff88005ca30000
[   68.167689] RIP: visorchannel_read (drivers/staging/unisys/visorchannel/visorchannel_funcs.c:225)
[   68.168683] RSP: 0018:ffff88005ca31e58  EFLAGS: 00010282
[   68.169302] RAX: ffff88005ca10000 RBX: ffff88005ca31e97 RCX: 0000000000000001
[   68.170019] RDX: ffff88005ca31e97 RSI: 0000000000000bd6 RDI: 0000000000000000
[   68.170019] RBP: ffff88005ca31e78 R08: 0000000000000000 R09: 0000000000000000
[   68.170019] R10: ffff880000000000 R11: 0000000000000001 R12: 0000000000000001
[   68.170019] R13: 0000000000000bd6 R14: 0000000000000000 R15: 0000000000008000
[   68.170019] FS:  00007f0e8c041700(0000) GS:ffff88007be00000(0000) knlGS:0000000000000000
[   68.170019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.170019] CR2: 0000000000000000 CR3: 000000006efe9000 CR4: 00000000000006b0
[   68.170019] Stack:
[   68.170019]  ffff88005ca31f50 ffff88005ca10000 000000000060e000 ffff88005ca31f50
[   68.170019]  ffff88005ca31ec8 ffffffff83e6f983 ffff8800780db810 0000000000008000
[   68.170019]  ffff88005ca31ec8 ffff88006da5f908 ffff8800780db800 000000000060e000
[   68.170019] Call Trace:
[   68.170019] proc_read_toolaction (drivers/staging/unisys/visorchipset/visorchipset_main.c:2541)
[   68.170019] proc_reg_read (fs/proc/inode.c:211)
[   68.170019] vfs_read (fs/read_write.c:408)
[   68.170019] SyS_read (fs/read_write.c:519 fs/read_write.c:511)
[   68.170019] tracesys (arch/x86/kernel/entry_64.S:749)
[   68.170019] Code: 00 00 66 66 66 66 90 55 48 89 e5 48 83 ec 20 48 89 5d e0 48 89 d3 4c 89 65 e8 49 89 cc 4c 89 6d f0 49 89 f5 4c 89 75 f8 49 89 fe <48> 8b 3f e8 4f f9 ff ff 85 c0 0f 88 97 00 00 00 4d 85 ed 0f 85
[   68.170019] RIP visorchannel_read (drivers/staging/unisys/visorchannel/visorchannel_funcs.c:225)
[   68.170019]  RSP <ffff88005ca31e58>
[   68.170019] CR2: 0000000000000000

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-04-07 12:48:17 -07:00
..
android Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
bcm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
ced1401 Staging: ced1401: Fix no new typedef warning in ced_ioctl.h 2014-03-18 13:30:44 -07:00
comedi staging: comedi: poc: remove obsolete driver 2014-03-20 01:57:01 +00:00
cptm1217
crystalhd staging: crystalhd: Fix no space before tabs 2014-03-16 21:32:32 -07:00
cxt1e1 Staging: cxt1e1: Fix externs should be avoided in .c files in comet.c 2014-03-19 09:17:23 -07:00
dgap staging: dgap: fix the rest of the checkpatch warnings in dgap.c 2014-03-19 13:54:39 -07:00
dgnc staging:dgnc: Removed assignments from if statements. 2014-03-17 16:42:47 -07:00
dgrp drivers/staging/dgrp:dgrp_tty.c: Fix line over 80 characters. 2014-03-18 10:53:21 -07:00
et131x
frontier Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
ft1000 staging: ft1000: Fix line over 80 characters. 2014-03-19 13:41:28 -07:00
fwserial
gdm72xx staging: gdm72xx: remove completed TODO item 2014-03-16 19:53:58 -07:00
gdm724x Staging: gdm724x: Fix unchecked sscanf values in gdm_lte.c 2014-03-18 11:35:53 -07:00
goldfish
gs_fpgaboot
iio staging: adc: mxs-lradc.c Fix line over 80 characters. 2014-03-19 13:41:27 -07:00
imx-drm staging:imx-drm: Fix line over 80 characters. 2014-03-18 11:36:58 -07:00
keucr staging:keucr: Remove typedefs 2014-03-16 22:01:41 -07:00
line6 Staging driver pull request for 3.15-rc1 2014-04-01 16:45:00 -07:00
lustre Merge branch 'cross-rename' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2014-04-04 14:03:05 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
mt29f_spinand
netlogic
nokia_h4p staging: nokia_h4p: Fix quoted string split across lines 2014-03-19 13:50:23 -07:00
nvec
octeon Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-04-02 20:53:45 -07:00
octeon-usb staging: octeon-usb: prevent memory corruption 2014-03-20 01:51:12 +00:00
olpc_dcon
ozwpan staging:ozwpan:Fix sparse warning of cast to restricted __le16 2014-03-18 11:58:45 -07:00
panel
phison
quickstart
rtl8187se Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
rtl8188eu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
rtl8192e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
rtl8192u Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
rtl8712 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
rtl8723au staging: r8723au: Fix build problem when RFKILL is not selected 2014-04-06 17:54:51 -07:00
rtl8821ae Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-04-02 20:53:45 -07:00
rts5139
rts5208 staging: rts5208: Fix line over 80 characters. 2014-03-18 11:56:51 -07:00
sbe-2t3e3
sep
serqt_usb2 drivers/staging/serqt_usb2:serqt_usb2.c Fix line over 80 characters. 2014-03-18 11:18:05 -07:00
silicom staging/silicom/bypasslib/bp_ioctl.h Fix do not add new typedefs. 2014-03-18 11:55:31 -07:00
slicoss staging: slicoss: free IO remapping on failure 2014-03-18 12:11:55 -07:00
speakup staging/speakup:speakup_dectlk.c Fix line over 80 characters. 2014-03-18 12:22:20 -07:00
ste_rmi4
tidspbridge staging/tidspbridge/rmgr/mgr.c Fix quoted string split across lines 2014-03-19 09:27:39 -07:00
unisys Staging: unisys: verify that a control channel exists 2014-04-07 12:48:17 -07:00
usbip Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
vme
vt6655 staging:vt6655: Fix sparse warnings of using plain integer as NULL pointer 2014-03-18 11:01:21 -07:00
vt6656 staging: vt6656: s_uGetRTSCTSRsvTime fix return. 2014-03-19 09:00:19 -07:00
winbond staging: winbond: Fix line over 80 characters. 2014-03-19 09:27:39 -07:00
wlags49_h2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-04-02 20:53:45 -07:00
wlags49_h25
wlan-ng Staging: wlan-ng: Fix smatch warning potential null reference 2014-03-19 13:41:27 -07:00
xgifb
xillybus staging: xillybus: XILLYBUS_PCIE depends on PCI_MSI 2014-03-21 12:24:09 -07:00
Kconfig staging: r8723au: Turn on build of new driver 2014-04-05 14:53:46 -07:00
Makefile staging: r8723au: Turn on build of new driver 2014-04-05 14:53:46 -07:00
staging.c